<?php
# 文件名称:user.php
# MetInfo在线反馈系统 
# Copyright (C) 长沙米拓信息技术有限公司 (http://www.metinfo.cn). All rights reserved.
class user extends C_controller {
	function user()
	{
		parent::C_controller();
		//设置语言
		$this->setLanguageFile( 'user' );
		//任务列表
		$this->registerTask( 'add'  , 	'display'  );
		$this->registerTask( 'edit'  , 	'display'  );
		$this->registerTask( 'apply', 	'save'  );
		$this->registerTask( 'unblock', 'block' );
	}
	//显示
	function display( $tpl = null )
	{	
		$SYS = &get_instance();
		$class = $SYS->request->getVar('option', '', 'get');
		$class = $class==''?$SYS->request->getvar('option') : $class;
		//用户或用户组的权限
		switch($class)
		{			
			case 'groups':$this->permit('user.display.option.groups');break;
			default:$this->permit('user.display.option.users');
		}
		//保存或应用
		if($this->getTask()=='apply')
		{
			$tmp[] = $SYS->request->getVar('id', 0, 'post', 'int');
			$SYS->request->setVar('cid', $tmp, 'post', 'int');
			parent::display($SYS->request->getVar('apply',''));
		}	
		else
		{
			parent::display($this->getTask());
		}
	}
	//保存
	function save()
	{
		$SYS = &get_instance();
		C_request::checkToken();
		$class = $SYS->request->getVar('option', '', 'get');
		$class = $class==''?$SYS->request->getvar('option') : $class;
		//用户或用户组保存
		switch($class)
		{			
			case 'groups':$this->saveGroups();break;
			default:$this->saveUsers();
		}
	}
	//保存用户组
	function saveGroups()
	{
		C_request::checkToken();
		$SYS = &get_instance();
		//初始化数据
		$data = $SYS->request->getVar('c_form', array(), 'post', 'array');
		$data['section_id']=$SYS->request->getVar('section_id');
		$data['id'] = $SYS->request->getVar('id', 0, 'post', 'int');
		if($data['id'] == 0)	$this->permit('user.add.option.groups');
		else	$this->permit('user.edit.option.groups');	
		
		$model	= &$this->getModel();
		$model->saveGroup($data);
		switch ( $this->getTask() )
		{
			case 'apply':
				$msg = C_text::sprintf( 'Tip1');
				break;
			case 'save':
			default:
				$msg = C_text::sprintf( 'Tip2');
				break;
		}
		$SYS->loader->setMessage($msg);
		$this->display();
	}
	function saveUsers()
	{
		C_request::checkToken();
		$SYS = &get_instance();
		$db = C_loader::getDBO();
		$me	 = $SYS->session->get('admin_name');
		$post = $SYS->request->get('post');		
		// 创建新的用户对象
		$user = new C_user($SYS->request->getVar( 'id', 0, 'post', 'int'));
		
		// 用户组
		$post['groups'] = $SYS->request->getVar('groups', array(), 'post', 'array');
		$post['groups'] = array_unique($post['groups']);
		C_loader::helper('array');
		toInteger($post['groups']);
		// 移除空数据
		if (array_search(0, $post['groups'], true)) {
			unset($post['groups'][array_search(0, $post['groups'], true)]);
		}
		//是否按照网站配置激活新用户
		if($post['id'] < 1)
		{
			$post['block'] = $SYS->config->item('activation')==0?1:0;
		}
		//绑定数据		
		if (!$user->bind($post))
		{
			$SYS->loader->setMessage(C_text::sprintf( 'Tip5'),'error');
			$this->display();
			return;
		}
		//权限控制
		
		// 创建新用户?
		$isNew 	= ($user->get('id') < 1);
		
		if (!$isNew)
		{
			$this->permit('user.edit.option.users');
			// 处理超级用户
			if ( in_array("1",explode(",",$me->get('gid'))) )
			{
				$created_by1=unserialize($me->get('params'));
				$created_by2=unserialize($user->get('params'));
				//只允许创建者修改本身
				if ( $created_by1['created_by'] != $me->get('id') && $created_by2['created_by'] == $user->get('id'))
				{
					$this->display();
					return;
				}
			}
		}else	$this->permit('user.add.option.users');
		
		//存入数据库
		if (!$user->save())
		{
			$SYS->loader->setMessage(C_text::sprintf( 'Tip5'),'error');
			$this->display();
			return;
		}
		
		// 更新自己时
		if ($user->get('id') == $me->get('id'))
		{
			$SYS->session->set('user', $user);
		}
		switch ( $this->getTask() )
		{
			case 'apply':
				$msg = C_text::sprintf( 'Tip1');
				break;
			case 'save':
			default:
				$msg = C_text::sprintf( 'Tip2');
				break;
		}
		$SYS->loader->setMessage($msg);
		$this->display();
	}
	function remove()
	{
		$SYS = &get_instance();
		$class = $SYS->request->getVar('option', '', 'get');
		$class = $class==''?$SYS->request->getvar('option') : $class;
		//移除用户或用户组
		switch($class)
		{			
			case 'groups':$this->removeGroups();break;
			default:$this->removeUsers();
		}
	}
	//移除用户
	function removeUsers()
	{
		C_request::checkToken();
		$this->permit('user.remove.option.users');
		$SYS = &get_instance();
		//初始化数据
		$cid = $SYS->request->getVar( 'cid', array(), '', 'array' );
		$currentUser = & $SYS->session->get('admin_name');
		if (count( $cid ) < 1) {
			return ;
		}
		
		foreach ($cid as $id)
		{
			$user =& $SYS->user->getInstance((int)$id);
			$created_by=unserialize($user->get('params'));
			//不能删除自己
			if ( $id == $currentUser->id )
			{
				$msg = C_text::_( 'YouCannotDeleteYourself' );
				$SYS->loader->setMessage($msg,'error');
			}//不能删除创建者
			else if( in_array("1",explode(",",$user->get('gid'))) && $user->get('id') == $created_by['created_by'] )
			{
				$msg = C_text::_( 'YouCannotDeleteSuperAdministrator' );
				$SYS->loader->setMessage($msg,'error');
			}
			else
			{				
				// 删除
				$user->delete();
				$msg = C_text::_('Tip3');
				$SYS->loader->setMessage($msg);
			}
		}		
		$this->display();
	}
	function block( )
	{
		//验证表单有效性
		C_request::checkToken();
		//编辑权限
		$this->permit('user.edit.option.users');
		$SYS = &get_instance();
		//初始化数据
		$cid = $SYS->request->getVar( 'cid', array(), '', 'array' );
		//获取当前用户
		$currentUser = & $SYS->session->get('admin_name');
		$db = C_loader::getDBO();
		$block  = $this->getTask() == 'block' ? 1 : 0;
		if (count( $cid ) < 1) {
			return ;
		}
		foreach ($cid as $id)
		{
			$user =& $SYS->user->getInstance((int)$id);
			if ( $id == $currentUser->id )
			{
				$msg = C_text::_( 'YouCannotBlockYourself' );
			}else if( in_array("1",explode(",",$user->get('gid'))) && $currentUser->id != (int)$SYS->config->item('superid'))
			{
				$msg = C_text::_( 'YouCannotBlockSuperAdministrator' );
			}//管理员才可以操作
			else if(in_array("1",explode(",",$currentUser->get('gid'))))
			{				
				// 锁定用户
				$user->block = $block;
				$user->save();
				//锁定时注销相应用户
				if($block)
				{
					$query = 'DELETE FROM '.$db->_table_prefix.'session'.
							' WHERE userid='.$id
					;
					$db->setQuery($query);
					$db->query();
					$msg = C_text::_('Tip10');
				}else	$msg = C_text::_('Tip11');
			}			
		}
		$SYS->loader->setMessage($msg);
		$this->display();		
	}
	function removeGroups()
	{
		C_request::checkToken();
		$this->permit('user.remove.option.groups');
		$SYS = &get_instance();
		$cid = $SYS->request->getVar( 'cid', array(), '', 'array' );
		$db = C_loader::getDBO();
		$table = C_loader::getDTO('usergroup');
		$user = $SYS->session->get('admin_name');
		if (count( $cid ) < 1 || !in_array("1",explode(",",$user->gid))) {
			$this->display();
			return ;
		}
		foreach ($cid as $id)
		{
			$table->load($id);
			// 获取用户组映射
			//mysql4不支持子查询
			$query = 
				'SELECT id FROM `'.$db->_table_prefix.'usergroups` AS c' .
				' WHERE c.lft >= '.(int) $table->lft.' AND c.rgt <= '.$table->rgt
			;
			$db->setQuery($query);
			$tmpid=$db->loadResultArray();
			$tmpid=implode(',',$tmpid);
			$query = 
				'SELECT user_id FROM `'.$db->_table_prefix.'user_usergroup_map`' .
				' WHERE `group_id` = '.(int) $id.
				' OR `group_id` IN'.
				' (' .$tmpid.')'
			;
			$db->setQuery($query);			
			// 是否为空用户组
			if(!$db->loadResult())
			{
				$SYS->loader->setMessage(C_text::_('Tip3'));
				$table->delete();
			}
			else $SYS->loader->setMessage(C_text::_('Tip7'),'error');
		}
		
		$this->display();
	}
	function cancel( )
	{
		C_request::checkToken();
		$this->display();
	}	
}
# 本程序是一个开源系统,使用时请你仔细阅读使用协议,商业用途请自觉购买商业授权.
# Copyright (C) 长沙米拓信息技术有限公司 (http://www.metinfo.cn). All rights reserved.
?>